openEuler update for samba

1) Incorrect default permissions

EUVDB-ID: #VU67271

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32743

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to Samba does not validate the Validated-DNS-Host-Name for the dNSHostName attribute. A remote attacker can set an arbitrary hostname and perform MitM attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

samba-vfs-glusterfs: before 4.11.12-17

samba-pidl: before 4.11.12-17

samba-common: before 4.11.12-17

libsmbclient: before 4.11.12-17

samba-winbind: before 4.11.12-17

samba-dc: before 4.11.12-17

samba-test: before 4.11.12-17

libsmbclient-devel: before 4.11.12-17

ctdb: before 4.11.12-17

samba-debugsource: before 4.11.12-17

samba-dc-provision: before 4.11.12-17

samba-dc-bind-dlz: before 4.11.12-17

samba-winbind-modules: before 4.11.12-17

samba-winbind-clients: before 4.11.12-17

libwbclient-devel: before 4.11.12-17

samba-libs: before 4.11.12-17

libwbclient: before 4.11.12-17

python3-samba-test: before 4.11.12-17

samba-krb5-printing: before 4.11.12-17

ctdb-tests: before 4.11.12-17

samba-winbind-krb5-locator: before 4.11.12-17

python3-samba: before 4.11.12-17

python3-samba-dc: before 4.11.12-17

samba-devel: before 4.11.12-17

samba-client: before 4.11.12-17

samba-help: before 4.11.12-17

samba-debuginfo: before 4.11.12-17

samba-common-tools: before 4.11.12-17

samba: before 4.11.12-17

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
• cpe:2.3:o:openeuler:openeuler:20.03:LTS SP3:*:*:*:*:*:*
• cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
• cpe:2.3:o:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1878

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.